\chapter{Related Works} \label{cha:related_works}
Wireless networks are well known for their security problems and 
there are many technologies to solve the problem at different level of the
OSI model. In this
chapter, we introduce two technologies, the 802.1X and VPN,  which are used in large wireless
networks for authentication and security and we
discuss why they are not sufficient for the design of our peer-to-peer
Wi-Fi sharing model.
\section{802.1X}
In the IEEE standard for Port-based Network Control \cite{802.1X-2001}, 
the 802.1X standard is defined as follows:
\begin{quote}
``Port-based network access control makes use of the physical access
characteristics of IEEE 802 LAN infrastructures in order to provide a means
of authenticating and authorizing devices attached to a LAN port that has
point-to-point connection characteristics, and of preventing access to that
port in cases which the authentication and authorization fails. A port in
this context is a single point of attachment to the LAN infrastructure."--- 802.1X-2001, page 1.\\
\end{quote}
The 802.1X authentication takes place before a device gets connected with a
port of a switch, i.e. at layer 2 of the OSI model. For authentication, it
proposes to use   
the Extensible Authentication Protocol (EAP) \cite{eap}.  
The EAP in 802.1X is not limited to Ethernet, but can also
be used for other physical hardware like wireless network or token ring.

Figure \ref{img:802.1x} illustrates the authentication
procedure of 802.1X with EAP.
On detecting that a mobile client wants to connect with the access point,
the authenticator (here the wireless router) activates the port and sets the port
to unauthorized state. The mobile client will be asked  to start an authentication
process with a RADIUS server using the EAP protocol. The authentication can
be done either in a strong way, using certificates or in a weak way, using
username and password.

The RADIUS server will deliver the authentication result, either \emph{accept} or \emph{eject},
to the authenticator. On receiving the positive result, the authenticator
puts the state of the port to authorized and forwards the traffic for the
client.

The 802.1X itself does not handle the encryption. This is left to be
implemented by the vendors. Most of them are using WPA (or WPA2) for
encryption.

One example of the 802.1X deployment is the 
\emph{Google WiFi} which
is provided by Google  in the city of Mountain View, California
for free to anyone who has a Google Account \cite{google-wifi}.  
For people whose
equipment supports WPA (WPA2) encryption algorithms, he can use the secure connection
\emph{GoogleWiFiSecure}, otherwise he must use the open connection 
\emph{GoogleWiFi} with security and privacy risk or use the vpn solution of Google which is introduced in section \ref{google-vpn}.

\begin{figure}[htb]
 \centering
 \includegraphics[width=12cm]{pics/8021x}
 \caption{802.1X authentication for wireless networks
 }
 \label{img:802.1x}
\end{figure}

\section{The VPN Approach}\label{sec:vpn_approach}
The Virtual Personal Network (VPN) is a technology which uses the public
``insecure'' network to connect private networks. The encryption
takes place mostly at network layer using technology like
IPsec (for example Openswan \cite{openswan}). Recently, VPN products
like OpenVPN \cite{openvpn} which use transport layer encryption like SSL
have gained more popularity because of the ease of the deployment.

By using the tunneling technology, VPN encapsulates the packets of the
virtual network within the IPsec or SSL. The host will have a virtual IP
address which will be used to access other subnetworks.

VPN is often used by users of an 
open wireless network to get secure
access to company networks and/or to the Internet. Figure \ref{img:vpn_wifi} illustrates the usage of VPN in an open wireless network. A user firstly
gets associated with an open access point and starts a login process
with the gateway server. The gateway server then asks the RADIUS server for
authentication. After successful authentication, a secure channel exits
between the mobile client and the VPN gateway. 
\begin{figure}[tbp]
 \centering
 \includegraphics[width=12cm]{pics/wifi_vpn}
 \caption{VPN deployment for Wi-Fi}
 \label{img:vpn_wifi}
\end{figure}

Google WiFi also offers a free VPN solution named \emph{Google Secure Access}
\cite{google-vpn} \label{google-vpn}
for users who want to have secure Internet access but whose wireless 
equipments  do not support the WPA, WPA2
or 802.1x protocols. Google runs a central VPN gateway and 
forwards the traffic to the Internet.

Also a private user can establish their own virtual private network to secure
their network traffic in an open channel. Using software like OpenVPN
\cite{openvpn}, a user can build his own VPN-gateway running on a home
computer or a wireless router and thus makes connection secure.

\section{Summary}
Apparently, using 802.1X and/or VPN solves the problem of confidentiality, if
appropriate encryption algorithm is used. Using
VPN even solves the problem of legal liability if the VPN-gateway server
also acts as the default route gateway for the mobile client. 
However, these two methods do not satisfy the needs which are defined in
Chapter \ref{cha:requirements}. We present the reasons as follows:
\begin{itemize}
\item The
authentication depends on a centralized RADIUS server for 802.1X and/or a
VPN-gateway. The centralized way of these models leads to the lack of
scalability. 
\item 802.1X does not solve the liability problem. Due to the fact that NATs
are used in the current Internet architecture, a mobile user is logically
using the access router.
\item For people who have their own OpenVPN gateways, it is only possible to
use their VPN gateways in a free open Wi-Fi channel. There is no appropriate
way of user authentication or difficult to design if this technology is
used in Wi-Fi sharing systems.
\item Features like \emph{macro mobility} are not possible. 
\end{itemize}

The utilization of HIP will solve  the problems mentioned above in a better way.
We discuss our design using HIP in the following chapter.
